Introduction
In today's social media-centric world, U.S. government agencies, military branches, intelligence communities, and defense industrial base organizations face a critical challenge: effectively vetting cleared personnel using social media while managing expectations and resources. This process, known as Publicly Available Social Media Information (PASMI) screening, is a critical component of Continuous Vetting for any organization that requires personnel clearance. However, it's far more complex and nuanced than it appears.
The scope of this challenge extends across various sectors:
Government agencies at federal, state, and local levels
Military branches and associated support organizations
Intelligence agencies and their contractors
Defense industrial base companies working on sensitive projects
Other organizations requiring security clearances for personnel

Key Definitions
What is PASMI?
PASMI refers to the practice of screening publicly available social media content for potential security risks. It's a subset of Publicly Available Electronic Information (PAEI), which encompasses all publicly accessible electronic data, from social media to public records and online databases.
What is Continuous Vetting?
Continuous Vetting is an ongoing process of reviewing an individual's background and behavior to ensure they continue to meet the standards required for access to sensitive information or positions. Unlike traditional point-in-time background checks, continuous vetting aims to identify new, potential risks as they emerge in near-real-time.
What is Security Executive Agent Directive 4?
Security Executive Agent Directive 4 (SEAD-4), a federal government adjudicative guideline, outlines reportable behaviors that may affect an individual's eligibility to access classified information or hold a sensitive position. The key categories include:
Allegiance to the United States:Â Actions demonstrating loyalty to the U.S. and willingness to protect its interests.
Foreign Influence: Associations with foreign entities that could create conflicting allegiances.
Foreign Preference: Actions indicating preference for a foreign country over the United States.
Sexual Behavior: Conduct that could make an individual vulnerable to exploitation or coercion.
Personal Conduct: Behavior that raises questions about an individual's judgment, reliability, or trustworthiness.
Financial Considerations: Financial situations that could make an individual vulnerable to coercion.
Alcohol Consumption: Excessive alcohol use that affects judgment or reliability.
Drug Involvement and Substance Misuse:Â Illegal use or misuse of drugs that could impair judgment.
Emotional, Mental, and Personality Disorders: Conditions that could impact reliability or ability to protect classified information.
Criminal Conduct: Violation of laws that raises questions about judgment or willingness to comply with rules.
Handling Protected Information:Â Unauthorized disclosure or mishandling of sensitive information.
Outside Activities:Â Involvement in activities or relationships that create a conflict of interest.
Use of Information Technology: Improper use of IT systems that violates acceptable use policies.
These categories form the basis for continuous evaluation and vetting processes, including those involving PASMI screening.
What is Security Executive Agent Directive 5?
Security Executive Agent Directive 5 (SEAD-5) provides guidelines for the collection, use, and retention of publicly available social media information in personnel security background investigations and adjudications.
Key points related to automated social media screening include:
Automated Searches:Â SEAD-5 permits the use of automated tools to collect publicly available social media information, streamlining the vetting process.
Scope Limitations: Automated searches must be confined to publicly available information that is legally and ethically accessible without circumventing privacy settings.
Identity Verification: The directive requires an exhaustive process to verify that the social media information collected pertains to the individual being investigated.
Content Restrictions:Â Automated tools limit the collection and retention of information to what is necessary for personnel vetting purposes.
Relevance Criteria:Â The automated system should focus on collecting information relevant to the adjudicative guidelines outlined in SEAD-4.
Data Retention:Â There are specific guidelines on how long collected social media information can be retained and under what circumstances.
Transparency: The use of social media information in the vetting process must be disclosed to the individual being investigated.
Prohibition of Deception: The directive explicitly forbids the use of false identities or engaging in deceptive practices to gather information.
Continuous Evaluation:Â SEAD-5 allows for the ongoing monitoring of public social media as part of continuous evaluation programs.
Privacy Safeguards: Automated systems must incorporate measures to protect individual’s privacy and civil liberties.
Challenge of Screening for SEAD-4 Issues
Consider an organization with 5,000 employees:
1. Public Profiles:Â Only about 50% will have public profiles (recall the scope limitations described above!), reducing the screening pool to 2,500.
2. OPSEC Practices: Assuming 60% of those employees are careful and practice good operational security, we're down to 1,000 discovered/mapped profiles.
3. Limited Visibility: We might only see 20% of a user's content in a single pass of automated search, effectively reducing our data to 200 profiles worth of content.
4. Active Posters: On average, only about 20% of social media users regularly post public content, leaving us with 40 active, accessible profiles.
5. Security Concerns:Â The probability of finding a post that raises serious security concerns related to one of the 13 SEAD-4 categories might be as low as 1%.
Applying just these high-level factors, we're left with a probability of finding meaningful security concerns in just one employee's social media content.
The Cost of Insider Threats
The investments required for this type of vetting are substantial, but they're dwarfed by the potential cost of a national security breach. A single incident involving a trusted individual can result in:
Loss of life (military or civilian personnel)
Loss of strategic or tactical advantage
Compromised sources and methods
Significant financial losses
Disruption of programs or capabilities
These high stakes justify the significant resources allocated to vetting processes.
Controlling Expectations of Using PASMI for Screening
Given the complexities involved, it's essential to approach PASMI and continuous vetting with measured expectations:
No Silver Bullet: PASMI is not a cure-all for security concerns.
Balancing Act: There's a constant need to balance security needs with individual free speech and civil rights.
False Positives and Negatives:Â The rarity of genuine security concerns means even with AI in use, false positives and false negatives will happen.
Resource Efficiency:Â Effective vetting must be automated to control human resource costs while leveraging advanced technology for scalable and consistent screening.
Evolving Landscape: Social media platforms and user behaviors are constantly changing.
The Only Viable Way to Add PASMI to Continuous Vetting
The only realistic and economical way forward is through a high-trust, automated, well-thought-out, and transparent approach:
High-Trust Automation:Â Leveraging purpose-built advanced AI and machine learning algorithms for spotting SEAD-4 issues.
Well-Thought-Out Process: Based on sound scientific principles and repeatable data-driven insights.
Transparency & Definition: Open to intense scrutiny and constant validation by independent experts.
Economical Scalability:Â Cost per screening should decrease over time.
Continuous Improvement: Refining algorithms and processes based on real-world results without introducing category bias.
Integration with Existing Systems: Creating a holistic view of potential risks.
Adaptability to Platform Changes:Â Flexibility to adapt to changes in social media platforms.
Take Action with DigitalStakeout's SEAD-5 Compliant Vetting Capabilities
As organizations grapple with the complexities of continuous vetting using social media, DigitalStakeout offers a cutting-edge solution. Our patent-pending SEAD-4 categorization technology is fully compliant with Security Executive Agent Directive 5 (SEAD-5), ensuring that your vetting processes meet the highest standards of security and privacy.Â
DigitalStakeout's automated platform addresses the challenges outlined in this article, providing a scalable, efficient, and accurate way to incorporate PASMI into your continuous vetting procedures. By leveraging our expertise, you can enhance your security posture while maintaining compliance and controlling costs. Don't let the complexities of social media vetting hinder your security efforts.Â
Contact DigitalStakeout today to learn how our SEAD-5 compliant solution can bring publicly available social media and open source intelligence from the web into your vetting process.